28% of ICS/OT systems lack an incident response plan! Are we prepared for the risks this poses to critical infrastructure?

Securing these systems requires more than technology—it’s about strong strategies and skilled teams. Every organization needs a response plan to detect, respond to, and recover from cyber incidents.

What’s your top tip for ICS/OT security? Share below!

Read more about the importance of incident response in our latest blog post: https://guardiansofcyber.com/cybersecurity-news/ics-ot-systems-lack-ir-plan-risk/

Only 1/3 of UK businesses have ever conducted a cyber risk assessment

Plus we often hear from IT and Security Teams that struggle to know what makes a *good* risk assessment?

This is despite risk being widely regarded as the foundation for any cyber security programme. It features in government guidance, international standards, and wider good practice.

So we're starting a new series on the Cydea blog looking into just that. Plus tips and tricks on how you can up your #cyber #risk game (and maybe sneak in a bit of #CRQ too )

Check out the link below to the first part where we touch on preparation and (briefly) identifying risk - then make sure you're following Cydea for future updates!

What makes a good risk assessment? >> https://cydea.com/blog/what-makes-a-good-cyber-risk-assessment/

"...burnout is a human issue which then can lead to a larger cyber risk issue." So, how can orgs help employees and prevent burnout? #Graylog's Joe Gross explains what they can do to support their security teams and reduce cyber risk.

This article shares some great tips on:
Adopting an inclusive culture
Building a comfort level among security teams
Setting cyber-risk expectations from the top

https://www.cpomagazine.com/cyber-security/the-root-cause-of-security-analyst-burnout-human-vulnerabilities/ via CPO Magazine #cyberrisk #cybersecurity #infosec

Did you know 66% of cybersecurity professionals are facing unprecedented stress levels due to increasingly complex threats?
As cyberattacks grow more sophisticated, it's essential to stay ahead of the curve. Tip: Prioritize continuous training to combat the complexity of today's threat landscape. It could be the difference between prevention and disaster.

How does your team handle the stress of an evolving cyber threat environment?

Read more insights in our latest post: https://guardiansofcyber.com/cybersecurity-news/66-of-cybersecurity-professionals-face-unprecedented-stress-levels-due-to-complex-threats/

So, an #introduction, eh?

I'm a recovering #engineer, former CTO, security researcher, and ex-regulator for #ICSsecurity. I'm now the Director of Cyber Risk at Dragos and I teach (and write) for #SANS.

I've had a lucky career-- I've testified before the US Congress and several federal agencies (as well as a few other countries abroad) and have helped hundreds of industrial organizations improve their #OT security. I've helped write a handful of international standards and I have some strong opinions on what "good" looks like for ICS/OT.

I'll usually write/present on:
#cyberrisk #metrics #technical #standards #engineering #safety #auditing #industrial #ICS #IIoT #governance
...and whatever strikes my fancy. My focus over the past 5-10 years has been more board-level, but I spent a large part of my career in a hard hat trying to fix (and break) industrial systems.

That said, if anyone asks me "what do you do for a living?" I usually avoid talking about myself and instead deviate to more important things... like living a healthy, happy life and helping others where I can.

Oh, and memes. I shitpost memes about how absurd our small community can be some times.

Oof. 9,718 characters left. Uhh. Check out my bio here if you want more info: https://www.sans.org/profiles/jason-d-christopher/